Disable manager scoping for debug

2026-04-04 10:52:00 +07:00
parent 60e0ac630d
commit 4281afd7e8
2 changed files with 11 additions and 120 deletions
--- a/src/access.js
+++ b/src/access.js
@@ -1,5 +1,4 @@
 export const MANAGER_ROLES = ['MANAGER', 'SUPER_MANAGER'];
-const NO_CLIENT_IDS = ['__no_managed_clients__'];

 export function isSuperManager(user) {
  return user?.role === 'SUPER_MANAGER';
@@ -9,91 +8,10 @@ export function isManagerRole(role) {
  return MANAGER_ROLES.includes(role);
 }

-function normalizeManagedClientIds(clientIds) {
-  if (clientIds == null) {
-    return null;
-  }
-
-  return clientIds.length ? clientIds : NO_CLIENT_IDS;
-}
-
-export async function getManagedClientIds(prisma, manager) {
-  if (isSuperManager(manager)) {
-    return null;
-  }
-
-  const [managedOrders, acceptedInvitations, reviewedRequests, reviewedWithdrawals] = await Promise.all([
-    prisma.order.findMany({
-      where: { managerId: manager.id },
-      select: { customerId: true },
-    }),
-    prisma.invitation.findMany({
-      where: {
-        managerId: manager.id,
-        acceptedById: { not: null },
-      },
-      select: { acceptedById: true },
-    }),
-    prisma.registrationRequest.findMany({
-      where: {
-        reviewedById: manager.id,
-        requesterId: { not: null },
-      },
-      select: { requesterId: true },
-    }),
-    prisma.rewardWithdrawalRequest.findMany({
-      where: { reviewedById: manager.id },
-      select: { requesterId: true },
-    }),
-  ]);
-
-  const clientIds = new Set();
-
-  for (const order of managedOrders) {
-    if (order.customerId) {
-      clientIds.add(order.customerId);
-    }
-  }
-
-  for (const invitation of acceptedInvitations) {
-    if (invitation.acceptedById) {
-      clientIds.add(invitation.acceptedById);
-    }
-  }
-
-  for (const request of reviewedRequests) {
-    if (request.requesterId) {
-      clientIds.add(request.requesterId);
-    }
-  }
-
-  for (const withdrawal of reviewedWithdrawals) {
-    if (withdrawal.requesterId) {
-      clientIds.add(withdrawal.requesterId);
-    }
-  }
-
-  return [...clientIds];
-}
-
 export async function getManagedClientUserWhere(prisma, manager) {
-  const managedClientIds = normalizeManagedClientIds(await getManagedClientIds(prisma, manager));
-
-  if (managedClientIds == null) {
-    return { role: 'CLIENT' };
-  }
-
-  return {
-    role: 'CLIENT',
-    id: { in: managedClientIds },
-  };
+  return {};
 }

 export async function canManagerAccessUser(prisma, manager, userId) {
-  if (isSuperManager(manager) || userId === manager.id) {
-    return true;
-  }
-
-  const managedClientIds = await getManagedClientIds(prisma, manager);
-  return managedClientIds.includes(userId);
+  return isManagerRole(manager?.role);
 }
--- a/src/resolvers.js
+++ b/src/resolvers.js
@@ -13,7 +13,6 @@ import {
  canManagerAccessUser,
  getManagedClientUserWhere,
  isManagerRole,
-  isSuperManager,
 } from './access.js';
 import { sendLoginCodeEmail } from './mailer.js';
 import { dispatchToUserConnections, sendMessengerMessage } from './messenger.js';
@@ -51,18 +50,10 @@ async function assertManagerCanAccessUser(prisma, manager, userId) {
  }
 }

-function assertManagerCanAccessOrder(order, manager) {
+function assertManagerCanAccessOrder(order) {
  if (!order) {
    throw new Error('Order was not found.');
  }
-
-  if (isSuperManager(manager)) {
-    return;
-  }
-
-  if (order.managerId && order.managerId !== manager.id) {
-    throw new Error('Order is assigned to another manager.');
-  }
 }

 async function appendOrderEvent(prisma, orderId, status, actorUserId, note = null) {
@@ -551,15 +542,11 @@ export const resolvers = {
    },

    managerOrders: async (_, { status, customerId }, context) => {
-      const manager = requireManagerAccess(context);
+      requireManagerAccess(context);
      const normalizedCustomerId = normalizeOptionalText(customerId);
-      if (normalizedCustomerId) {
-        await assertManagerCanAccessUser(context.prisma, manager, normalizedCustomerId);
-      }

      return context.prisma.order.findMany({
        where: {
-          ...(isSuperManager(manager) ? {} : { managerId: manager.id }),
          ...(normalizedCustomerId ? { customerId: normalizedCustomerId } : {}),
          ...(status ? { status } : {}),
        },
@@ -680,19 +667,9 @@ export const resolvers = {
    },

    registrationRequests: (_, { status }, context) => {
-      const manager = requireManagerAccess(context);
+      requireManagerAccess(context);
      return context.prisma.registrationRequest.findMany({
-        where: {
-          ...(status ? { status } : {}),
-          ...(isSuperManager(manager)
-            ? {}
-            : {
-                OR: [
-                  { reviewedById: manager.id },
-                  { reviewedById: null },
-                ],
-              }),
-        },
+        where: status ? { status } : undefined,
        orderBy: { createdAt: 'desc' },
      });
    },
@@ -882,10 +859,6 @@ export const resolvers = {
        throw new Error('Registration request was not found.');
      }

-      if (!isSuperManager(manager) && request.reviewedById && request.reviewedById !== manager.id) {
-        throw new Error('Registration request is assigned to another manager.');
-      }
-
      return context.prisma.registrationRequest.update({
        where: { id: input.requestId },
        data: {
@@ -1393,7 +1366,7 @@ export const resolvers = {
      const existingOrder = await context.prisma.order.findUnique({
        where: { id: input.orderId },
      });
-      assertManagerCanAccessOrder(existingOrder, manager);
+      assertManagerCanAccessOrder(existingOrder);

      const order = await context.prisma.order.update({
        where: { id: input.orderId },
@@ -1460,7 +1433,7 @@ export const resolvers = {
    managerFinalizeOrder: async (_, { orderId, decision }, context) => {
      const manager = requireManagerAccess(context);
      const order = await context.prisma.order.findUnique({ where: { id: orderId } });
-      assertManagerCanAccessOrder(order, manager);
+      assertManagerCanAccessOrder(order);

      const status = decision === 'REJECT'
        ? 'MANAGER_REJECTED'
@@ -1502,7 +1475,7 @@ export const resolvers = {
      const order = await context.prisma.order.findUnique({
        where: { id: input.orderId },
      });
-      assertManagerCanAccessOrder(order, manager);
+      assertManagerCanAccessOrder(order);

      const updated = await context.prisma.order.update({
        where: { id: input.orderId },
@@ -1525,7 +1498,7 @@ export const resolvers = {
    startOrderWork: async (_, { orderId }, context) => {
      const manager = requireManagerAccess(context);
      const order = await context.prisma.order.findUnique({ where: { id: orderId } });
-      assertManagerCanAccessOrder(order, manager);
+      assertManagerCanAccessOrder(order);
      if (order.status !== 'CONFIRMED') {
        throw new Error('Only confirmed order can be started.');
      }
@@ -1550,7 +1523,7 @@ export const resolvers = {
    completeOrder: async (_, { orderId }, context) => {
      const manager = requireManagerAccess(context);
      const order = await context.prisma.order.findUnique({ where: { id: orderId } });
-      assertManagerCanAccessOrder(order, manager);
+      assertManagerCanAccessOrder(order);
      if (order.status !== 'IN_PROGRESS') {
        throw new Error('Only in-progress order can be completed.');
      }